---
- name: Verify
  hosts: all
  gather_facts: true
  tasks:
    - name: "Test: file /etc/hosts"
      block:
        - name: "Stat file /etc/hosts"
          ansible.builtin.stat:
            path: "/etc/hosts"
          register: stat_etc_hosts

        - name: "Verify file /etc/hosts"
          vars:
            etc_hosts_group:
              ubuntu: "adm"
              debian: "root"
          ansible.builtin.assert:
            that:
              - stat_etc_hosts.stat.exists
              - stat_etc_hosts.stat.isreg
              - stat_etc_hosts.stat.pw_name == 'root'
              - stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)]

    - name: "Test: file /etc/apt/sources.list"
      block:
        - name: "Stat file /etc/apt/sources.list"
          ansible.builtin.stat:
            path: "/etc/apt/sources.list"
          register: stat_etc_apt_sources_list

        - name: "Slurp file /etc/apt/sources.list"
          ansible.builtin.slurp:
            src: "/etc/apt/sources.list"
          register: slurp_etc_apt_sources_list

        - name: "Verify file /etc/apt/sources.list"
          ansible.builtin.assert:
            that:
              - stat_etc_apt_sources_list.stat.exists
              - stat_etc_apt_sources_list.stat.isreg
              - stat_etc_apt_sources_list.stat.pw_name == 'root'
              - stat_etc_apt_sources_list.stat.gr_name == 'root'
              - stat_etc_apt_sources_list.stat.mode == '0644'

        - name: "Verify file /etc/apt/sources.list"
          vars:
            expected_source_list_content: |
              # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
          ansible.builtin.assert:
            that:
              - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"

    - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
      block:
        - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          ansible.builtin.stat:
            path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
          register: stat_etc_apt_sources_list_d

        - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          ansible.builtin.slurp:
            src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
          register: slurp_etc_apt_sources_list_d

        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          ansible.builtin.assert:
            that:
              - stat_etc_apt_sources_list_d.stat.exists
              - stat_etc_apt_sources_list_d.stat.isreg
              - stat_etc_apt_sources_list_d.stat.pw_name == 'root'
              - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
              - stat_etc_apt_sources_list_d.stat.mode == '0644'

        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          vars:
            expected_source_list_content:
              ubuntu: |
                X-Repolib-Name: ubuntu
                Types: deb
                URIs: http://fr.archive.ubuntu.com/ubuntu
                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
                Components: main restricted universe multiverse
              debian: |
                X-Repolib-Name: debian
                Types: deb
                URIs: http://deb.debian.org/debian
                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
                Components: main
          ansible.builtin.assert:
            that:
              - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"